spaze/oprah-proxy spaze/oprah-proxy

  • This repository has been archived on 22/Dec/2017
  • Stars
    star
    255
  • Rank 159,277 (Top 4 %)
  • Language
    Python
  • License
    MIT License
  • Created over 8 years ago
  • Updated almost 7 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
spaze/oprah-proxy
github

spaze

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Generate credentials for Opera's "browser VPN"

The Oprah Proxy

Generate credentials for Opera's "browser VPN"

This tool is DEPRECATED, we've learned news things but that's it. If you need anonymity just use Tor.

"Everybody gets a proxy" logo

Opera "VPN" introduced in Opera 38 Developer Edition is not a VPN, it's actually a proxy for the browser only, but it's free and unlimited so why not use it for some other apps, too. There's also Opera VPN for iOS and Opera VPN for Android, both are real VPN. This here is about the browser one.

Not affiliated with Opera Software AS.

Usage

oprahProxy.py <client_type> <client_key>

The script will generate credentials for you and list available proxies so you can use them elsewhere. oprahProxy.py can also be used as a Python module in your own application. Unfortunately I've had no success using any of these proxies as a proxy for curl for example. But it works with OpenSSL's s_client tool and the script will also print the required command for you.

Requirements

Python 3 & Requests. The API server works only with clients with Server Name Indication (SNI) support. Python 3 and Python 2.7.9+ include native support for SNI in their TLS modules. I was too lazy to build a version check, so I went with Python 3.

Technical details

The proxy is a secure one, which means the browser talks to the proxy server via HTTPS even if it loads a plain HTTP site. Hostname resolution (DNS) is also done remotely on the proxy server, so the browser does not leak hostnames when using this proxy. Currently, Opera leaks IP address via WebRTC and plugins, but Opera Software is aware of it and plans to fix it in a future release.

For more technical details, including HTTP API calls, see my technical write-up.

A message to Opera

Opera insists to call this a browser VPN. Sorry Opera, it's not a VPN, and calling it a browser VPN does not make it one. A VPN protects all connections and not just the browser ones. We've been teaching people that VPN protects their devices and operating systems and then you bake a proxy, although a secure one, in the browser and call it a VPN, that's bullshit, pardon my French. The feature is quite nice, but calling it a VPN could eventually be harmful to privacy, because of false sense of security. And then you release Opera VPN which is a VPN, unlike the VPN in the browser. Naming things, one of the only two hard things in Computer Science, right?

Disclaimer

This is just for research purposes, to study how things work, no harm intended. The script might (and will) stop working at any time.

Example openssl s_client command:

URL="http://www.opera.com" PROXY=159.203.42.222:443 HEADER="Proxy-Authorization: Basic MURBNTY1NDRFMkQ4NUZEMTgxRDY2OUUxNzM1ODg1MjI3QTRFQUNGQzpGQTI3NzIyMzhEMzg2MzlDMzYzQjk0RTA2MDc3NUIzNzMyNkIyQUEzQTM3OEVBNTdCOEVGQTUxQ0EzMjg0Qjc5"; echo -e "GET $URL HTTP/1.0\n$HEADER\n\n" | openssl s_client -connect $PROXY -ign_eof

Where

  • URL is a URL you want to load, change it to fit your needs
  • PROXY is a proxy from the list (the one in the example is the first listed proxy with port 443), change it if you want
  • HEADER is a Proxy-Authorization HTTP header using generated credentials, no need to change this

Usage with other browsers

You can use Opera's proxies with other browsers via proxy auto-config using the provided pac.js file. In Firefox go to OptionsAdvancedNetworkConnectionSettings and use https://raw.githubusercontent.com/spaze/oprah-proxy/master/pac.js as Automatic proxy configuration URL. Be aware that your browser traffic will go through the proxy server specified in the PAC file and theoretically I could change it so that the traffic goes via my own server instead. Although I'm not willing to do that, I might be forced to. Use just for testing, at your own risk.

When asked, use the credentials provided by oprahProxy.py script. The PAC file uses hardcoded location (DE), if you want to use other location just download the file, change the hostname (available hostnames are {ca,de,us}.opera-proxy.net), change your browser configuration, and you should be ready to go. Please note that Opera uses different, numbered hostnames when connecting to proxies (e.g. de0.opera-proxy.net) but these don't resolve outside of Opera. There's a certain overlap of IPs for de.opera-proxy.net and de0.opera-proxy.net so my guess is they use the same hosts with just different hostnames.

More Repositories

1

hashes

Magic hashes – PHP hash "collisions"
614
star
2

phpstan-disallowed-calls

PHPStan rules to detect disallowed method & function calls, constant, namespace, attribute & superglobal usages
PHP
146
star
3

domains

Unofficial and incomplete lists of various domain names
69
star
4

jakobejitblokaci.cz

www.jakobejitblokaci.cz
HTML
42
star
5

letsgetacert

Let's get cert – a Certbot wrapper
Shell
23
star
6

encrypt-hash-password-php

Example of an encrypted password hash storage in PHP
PHP
21
star
7

upc_keys-lambda

Peter "blasty" Geissler's upc_keys.c with custom prefix support and Lambda sauce
C
15
star
8

webtop100

Dokumenty k hodnocení soutěže WebTop100
15
star
9

csp-config

Build Content Security Policy from a config file
PHP
11
star
10

exploited.cz

https://exploited.cz
HTML
8
star
11

michalspacek.cz

michalspacek.cz + michalspacek.com + subdomains source code because why not
PHP
8
star
12

nonce-generator

Content Security Policy Nonce Generator
PHP
6
star
13

ebabis.cz

A v březnu někdo přišel s tím matematickým modelem A v srpnu někdo, sice byl to ten stejný člověk, ale už přišel v nějakém čase A ty, který měli přijít, nepřišli
HTML
6
star
14

canhas.report

Reporting API demos, learn all about CSP & other reports (Network Error Logging/NEL, Crash, Deprecation, Intervention, Mixed Content & more) in this interactive app.
PHP
6
star
15

phpstan-stripe

Stripe SDK extension for PHPStan
PHP
5
star
16

emulated-prepared-statements

SQL Injection using Emulated Prepared Statements (the default) in PHP PDO_MYSQL in GBK
PHP
5
star
17

cotel

Company Intel, data and proof-of-concept quick-and-dirty code for an bookmarking app. Abandoned.
CSS
5
star
18

phpinfo

Extract phpinfo() into a variable and move CSS to external file
CSS
4
star
19

sri-macros

Subresource Integrity macros for Latte template engine
PHP
4
star
20

bez-komentare

Filtry odstraňující komentáře, jejich počet, notifikace z českých stránek
3
star
21

fa-extract

A tool to extract only used icons from Font Awesome JS/SVG icons sets (PRE-ALPHA, I use it but YMMV)
PHP
3
star
22

feed-exports

Atom feed Response and related objects for Nette framework
PHP
3
star
23

svg-icons-latte

SVG Icons Custom Tag for Latte Templating System
PHP
2
star
24

coding-standard

PHP Code Sniffer rules
PHP
2
star
25

security-txt

PHP
2
star
26

stupid-git-deploy

Shell
2
star
27

nepovolenainternetovahazardnihra.cz

nepovolenainternetovahazardnihra.cz + jakobejitblokaci.cz = BFF ❤
HTML
2
star
28

libini-djgpp

LibINI is a C library for DJGPP and Linux for reading, updating and writing Windows-like INI files. I wrote this back in 1999.
C
2
star
29

reveal-input-details

Chrome JS snippet to reveal hidden inputs and input details
JavaScript
1
star
30

webleed

We Bleed scanner tools
Python
1
star
31

svnwcdump

Dumps Subversion working copy located at a website and accessible using HTTP
Python
1
star
32

phpstan-disallowed-calls-nette

1
star
33

common-config

Configuration wants to be shared
1
star